Malicious extensions on Google Chrome: the most widespread malicious campaign to date


This is a hard blow to the image and reputation of Google Chrome, the most popular browser, with nearly 64% of the global market, according to data from the site GS.Statcounter.com.

Last month, researchers at Awake Security informed Google that malicious extensions (plug-ins) on the Chrome Web Store, downloaded over 32 million times, had spied on browsing data and stolen personal information, including credentials for various online services.

Great art!

These malicious extensions were sophisticated enough to evade antivirus software and to transmit nothing when the computer was connected to a corporate network, which is traditionally much more secure than your home WiFi network.

Such sophistication points to high-level operators, not small-time crooks working out of a basement. Great art, no doubt about it.

According to Awake Security's co-founder and chief scientist, Mr. Golomb, this is “the most widespread malicious Chrome campaign to date.”

The distribution of threats and their severity levels

“Anti-spyware” extensions… that are malicious!

Several of these extensions were free and claimed to protect their users from malicious websites. In fact, they harvested their users' data, from browsing history to credentials for the internal tools of the companies those users worked for.

That is not all: these extensions could also take screenshots, read the clipboard, copy authentication tokens from cookies, and log the user's keystrokes to steal passwords.

The authors of these malicious extensions will be difficult to trace, according to Awake's researchers, but an Israeli domain registrar named GalComm (CommuniGal Communication Ltd.) is said to be at the center of this spread, or at least aware of it, according to the website journaldugeek.com.

About GalComm, Awake Security explains on its website that “by exploiting the trust placed in it as a domain registrar, GalComm has put in place some of the malicious activity that was detected on more than a hundred networks that we examined. In addition, the malicious activity was able to remain hidden, bypassing several layers of security controls, even in sophisticated organizations with significant investments in cybersecurity”.

Of the more than 26,000 domain names registered through GalComm, more than 15,000 (60%) were malicious or suspicious, according to Awake. They hosted a variety of traditional malware and browser-based surveillance tools. Thanks to evasion techniques, these domains avoided being labeled as malicious by most security systems.

A list of these domains can be viewed at this link.

An example of a lure to install a malicious Chrome extension

Extensions removed from the Chrome store

Google said it had removed more than 70 of the malicious extensions from its official Chrome Web Store after being alerted by the researchers last month.

“When we are notified of the existence of extensions in the Web Store that violate our policies, we take action and use these incidents as training material to improve our automated and manual scans”, Scott Westover, a spokesman for Google, told Reuters.


What to do if you have Chrome on your computer

As we have just (re)discovered, you should be careful before installing any extension, especially a free one, as some may be harmful.

To check and, if necessary, uninstall extensions in Chrome, type “chrome://extensions/” in the address bar.

Right-click on the icon of a running extension in the upper-right corner of the browser and select “Manage extensions”. A new tab opens describing the extension, and in the tab's address bar you will see something that looks like “chrome://extensions/?id=oiigbmnaadbkfbmpbfijlflahbdbdgdf”.

This long string of gibberish is the extension's 32-character identifier. Compare the ID of each of your extensions to the list available at this link, and if one matches, remove the extension.
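The ID comparison described above can be automated. The following is an added example, not part of the original article: it lists the extension IDs found in a Chrome profile's Extensions folder and reports those that also appear in a list of IDs saved as text. The default folder paths and the command-line arguments are assumptions.

```python
import json
import re
import sys
from pathlib import Path

# Chrome extension IDs are 32 characters drawn from the letters a-p.
EXT_ID = re.compile(r"\b[a-p]{32}\b")
# Stock locations of the "Default" profile (assumed; adjust for other profiles).
DEFAULT_DIRS = {
    "win32": Path.home() / "AppData/Local/Google/Chrome/User Data/Default/Extensions",
    "darwin": Path.home() / "Library/Application Support/Google/Chrome/Default/Extensions",
    "linux": Path.home() / ".config/google-chrome/Default/Extensions",
}


def load_blocklist(text):
    """Extract every extension ID from a pasted list, ignoring other text."""
    return set(EXT_ID.findall(text.lower()))


def installed_extensions(ext_dir):
    """Map each installed extension ID to the name in its manifest."""
    found = {}
    for entry in sorted(Path(ext_dir).iterdir()):
        if not (entry.is_dir() and EXT_ID.fullmatch(entry.name)):
            continue  # skip "Temp" and anything that is not an ID folder
        name = "(unknown)"
        for manifest in sorted(entry.glob("*/manifest.json")):
            try:
                name = json.loads(manifest.read_text(encoding="utf-8-sig")).get("name", name)
            except (OSError, ValueError, AttributeError):
                pass  # unreadable or malformed manifest: keep the ID anyway
        found[entry.name] = name
    return found


def flagged(ext_dir, blocklist_text):
    """Return {id: name} for installed extensions that appear on the list."""
    bad = load_blocklist(blocklist_text)
    return {i: n for i, n in installed_extensions(ext_dir).items() if i in bad}


if __name__ == "__main__":
    if len(sys.argv) < 2:
        sys.exit("usage: check_extensions.py blocklist.txt [extensions_dir]")
    listing = Path(sys.argv[1]).read_text(encoding="utf-8")
    target = sys.argv[2] if len(sys.argv) > 2 else DEFAULT_DIRS[sys.platform]
    for ext_id, name in flagged(target, listing).items():
        print(f"REMOVE {ext_id}  {name}")
```

The name read from the manifest may be a localization placeholder rather than the display name, so rely on the ID when removing the extension from “chrome://extensions/”.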

Windows 10 update (May 2020, version 2004) to reduce Chrome's appetite for RAM

In other Chrome news, Microsoft has recently released an update to Windows 10, called “May 2020” (or version 2004), which is supposed to reduce the Chrome browser's memory usage.

For years, Windows and macOS users have complained about Chrome's heavy RAM usage, which can slow down browsing, especially on computers without powerful processors. The problem has existed since Chrome's early days, especially on Windows, but thanks to Microsoft's latest update, it could become a thing of the past.
